/
Configuring Email Notifications

You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Configuring Email Notifications

EmpowerID ships with over 100 email templates for every situation that we have identified that warrants a notification. Many of these must be enabled explicitly. Notification types and message recipients can include the following:

  • Onboarding emails are sent to the newly created person, and to the manager specified in the CreatePerson workflow.

  • Approval emails are sent to the people who run request workflows and, if they are sent for approval, those who approve them.

  • Password emails, expiration warnings, and other personal notifications are sent to the affected user.

  • Management role notification emails are sent to people who have Management Roles that enable them to receive the messages.

  • EmpowerID Security Alerts are sent to admin users for security event related alerts.

  • EmpowerID System Notifications are sent to admin users about alerts related to EmpowerID system events, such as failed jobs.

  • Group Membership Change Alerts are sent to admin users about group membership changes.

  • Group Owner Notifications are sent to group owners about group membership changes.

  • Dynamic hierarchy alerts, if enabled and if the group is mail-enabled, are sent to the following:

    • People set in the AssignPeopleToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignpeopletoalerts 

    • Management Roles set in the AssignManagementRolesToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignmanagementrolestoalerts 

    • Groups set in the AssignGroupsToAlerts workflow, accessible at https://<EmpowerID_Web_Server/UI/#w/assigngroupstoalerts

You can use email test mode to send all email notifications to one email account to ensure that you have them configured correctly before you begin sending them out to users.

Permanent workflows

Permanent workflows trigger some notifications. These workflows are disabled by default.

To access permanent workflows from the navbar, expand Infrastructure Admin, then EmpowerID Servers and Settings, and click Permanent Workflows.

 

Request workflows

A request workflow is a representation of an EmpowerID workflow that runs when initiated by a person. Some request workflows send notifications that are necessary to ensure that EmpowerID runs smoothly. Some have optional approvals that you can enable as workflow parameters. These workflows include those listed in the below table.

Here is a list of request workflows with parameters that control notifications, along with their default values. (Twilio notifications are voice messages. For more, see Integrating Twilio.)

Request Workflow

Workflow Parameter

Default Value

TemporaryGroupMembership

  • ApprovalRequired

  • true

CreateScheduledCertificationAudit

  • AuditDeletedNotificationEmailTemplateName

  • AuditDeletedNotificationManagementRoleName

  • AuditDeletedNotificationEmail

  • EmpowerIDSystemNotifications

UpdatePersonBusinessRoles

  • DisableManagerPreApproval

  • false

UpdatePersonDirectAssignment

  • DisableManagerPreApproval

  • true

UpdatePersonManagementRoles

  • DisableManagerPreApproval

  • true

CreatePerson

  • DisableManagerPreApproval

  • ManagementRoleIDToEmail

  • true

  • 110

CheckoutSharedCredential

  • DisablePreApproval

  • false

DeleteAccountWF

  • EmailMessageID

  • 3041

SODViolationsExample

  • EmailMessageID

  • 35

CertificateExpirationNotification

  • EmailMessageID

  • LicenseEmailTemplateID

  • ManagementRoleIDToNotify

  • 3008

  • 3017

  • 108

AddBusinessProcessTaskComment

  • EmailTemplateName

  • BusinessProcessTaskComment

NotifyAuditParticipants

  • EmailTemplateNameForAllAuditParticipants

  • EmailTemplateNameForAnyoneWithUnfinishedTasks

  • EmailTemplateManagersOfPeopleWithUnfinishedTasks

  • EmailTemplateNameForAllAuditParticipants

  • EmailTemplateNameForAnyoneWithUnfinishedTasks

  • EmailTemplateNameForManagersOfPeopleWithUnfinishedTasks

UnreviewedRecertificationTaskNotification

  • EscalationEmailTemplateName

  • Reviewer Recertification Escalation Email

HelpdeskPasswordReset

  • ManagementRoleIDToEmail

  • 110

ResetPassword

  • ManagementRoleIDToEmail

  • SendAdminNotification

  • SendUserNotification

  • 110

  • true

  • true

SODViolationsExample

  • ManagementRoleIDToNotify

  • 110

UnreviewedRecertificationTaskNotification

  • NotificationEmailTemplateName

  • Reviewer Recertification Escalation Email

ElevateMeTemporarily

  • RetroActiveApprovalRequired

  • false

SendOTPAnonymous

  • SendPasswordToEmail

  • SendPasswordToTwilioSMS

  • SendPasswordToTwilioVoiceCall

  • SendPasswordToMobile

  • SendPasswordToPersonalEmail

  • true

  • true

  • true

  • true

  • true

PasswordResetCenter

  • SendPasswordToEmail

  • SendPasswordToMobile

  • SendPasswordToPersonalEmail

  • SendPasswordToTwilioSMS

  • SendPasswordToTwilioVoiceCall

  • TwilioOTPVoiceMessageTemplateName

  • false

  • false

  • false

  • false

  • false

  • TwilioOTPVoiceMessage

LoginWF

  • SendPasswordToEmail

  • SendPasswordToMobile

  • SendPasswordToPersonalEmail

  • SendPasswordToTwilioSMS

  • TwilioOTPVoiceMessageTemplateName

  • SendPasswordToTwilioVoiceCall

  • TwilioOTPVoiceMessageTemplateName

  • true

  • false

  • true

  • true

  • TwilioOTPVoiceMessage

  • false

  • TwilioOTPVoiceMessage

RegisterAccount

  • SendPasswordToEmail

  • SendPasswordToMobile

  • SendPasswordToPersonalEmail

  • SendPasswordToTwilioSMS

  • SendPasswordToTwilioVoiceCall

  • TwilioOTPVoiceMessageTemplateName

  • true

  • false

  • true

  • true

  • true

  • TwilioOTPVoiceMessage

SendPersonOneTimePassword

  • SendPasswordToMobile

  • SendPasswordToPersonalEmail

  • SendPasswordToTwilioSMS

  • SendPasswordToTwilioVoiceCall

  • SendPasswordToEmail

  • SMSOTPKeyEntryName

  • TwilioOTPVoiceMessageTemplateName

  • true

  • true

  • true

  • true

  • true

  • PasswordResetCenterOTPSMSMessage

  • TwilioOTPVoiceMessage

PasswordResetCenterTOTP

  • TwilioOTPVoiceMessageTemplateName

  • TwilioOTPVoiceMessageTemplateName

  • TwilioOTPVoiceMessage

  • TwilioOTPVoiceMessage

ResetMultiFactor

  • SendTwilioSMS

  • SendTwilioVoiceCall

  • true

  • false

PasswordExpirationNotification

  • UserPasswordExpirationWarningEmailMessageID

  • 1000

CallMe

  • SendTwilioVoiceCall

  • VoiceMessage

  • true

  • TwilioOTPVoiceMessage

You can schedule re-notifications or manager escalations on individual workflows. Re-notifications send emails to the task owner, and manager escalations send emails to the task owner's manager.

  1. To access request workflows from the navbar, expand Object Administration and click Workflows.

  2. Search for "notification" to find workflows that specifically send notifications.

  3. Click a workflow's Display Name link, and on the Workflow Details page that appears, click the Edit icon.



  4. Click the Schedule tab, and in the Task Owner Renotification section, you can enable and schedule re-notifications.

     

  5. In the Task Owner Manager Renotification section, you can enable and schedule manager notifications.

Email templates

You can find all of EmpowerID's email templates in the database in the EMailMessage table, or in the web application by expanding Admin, then Miscellaneous, and selecting Localized Emails. See Localizing Emails for details on how to edit, translate, and create emails.

Email messages fall into several categories.

These emails are sent to people with the indicated Management Role

ID

Email Template Name

Management Role

Regarding

ID

Email Template Name

Management Role

Regarding

3007

Job Failed Alert Message

EmpowerID System Notifications

Failed job name, system server and exception information

35

SoD Violation Notifcation

EmpowerID Security Alerts

Request that caused a Separation of Duties violation

3005

Group Membership Change Alert Message

Group Membership Change Alerts Group Owner Notifications

Accounts added or removed from group

These emails are sent when a new employee is added to the system.

ID

Email template name

Sent to

Request workflow and parameters

Regarding

ID

Email template name

Sent to

Request workflow and parameters

Regarding

1014

Manager Preapproval Needed

Manager of a new employee

CreatePerson

  • DisableManagerPreApproval

  • ManagementRoleIDToEmail

Onboarding request

1023

Validate Email Address

New user

CreatePerson

Link to validate email address

1036

Welcome Email for New Person

New user

CreatePerson

Login credentials

1037

Person Created Email

Manager of a new employee

CreatePerson

  • ManagementRoleIDToEmail

New person information

1050

Password Email to New Person

New user

CreatePerson

New person password

You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.) 

ID

Email template name

Regarding

ID

Email template name

Regarding

1038

Generic Hierarchy Create Group Message

new group created for dynamic hierarchy policy

1039

Generic Hierarchy Delete Group Message

group for dynamic hierarchy policy deleted

1040

Generic Hierarchy Group Membership Changed Message

group membership for dynamic hierarchy policy changed

1043

Generic Hierarchy Create Management Role Message

new management role created for dynamic hierarchy policy

1044

Generic Hierarchy Delete Management Role Message

management role for dynamic hierarchy policy deleted

1045

Generic Hierarchy Management Role Membership Changed Message

management role membership for dynamic hierarchy policy changed

1046

Generic Hierarchy Create Management Role Definition Message

new management role definition created for dynamic hierarchy policy

1047

Generic Hierarchy Delete Management Role Definition Message

management role definition for dynamic hierarchy policy deleted

1048

Generic Hierarchy Create Organization Unit Message

new organization unit created for dynamic hierarchy policy

1049

Generic Hierarchy Delete Organization Unit Message

organization unit for dynamic hierarchy policy deleted

 

You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.) 

You can control which Dynamic Hierarchy change alert emails are sent by doing the following:

  1. On the navbar, expand Dynamic Groups and click Policies.

  2. Edit each policy and scroll down to the Alerts section.

     

These emails are sent when rights to mailbox changes are detected and synced.

ID

Email template name

Regarding

ID

Email template name

Regarding

3003

Exchange Mailbox Permission Sync Receiver Notification

rights assigned to an Exchange mailbox

3010

Office 365 Mailbox Permission Sync Receiver Notification

rights assigned to an Office 365 mailbox

These emails are sent to individuals or their managers as needed.

ID

Email template name

Workflow

Regarding

ID

Email template name

Workflow

Regarding

3008

Certificate Expiration Notification

CertificateExpirationNotification

date certificate will expire

3011

Person Certificate Not Set Up



certificate is not set up

3013

AD Account Expiration Notification Message

ADAccountExpirationNotification

account about to expire

3014

Person Expiration Notification Message

PersonExpirationNotification

person about to expire

3016

Group Membership Expiration Notification Message

GroupMembershipExpirationNotification

group membership has expired

3017

License Expiration Notification

CertificateExpirationNotification

date license will expire

3020

Share External Credentials

AssetAccessRequest

person shared credential with you

3021

Invite User To Join Organization Message

InviteUserToJoinOrganization

link and one-time password to join organization

3022

Create Partner Organization Welcome Email

CreatePartnerOrganizationWorkflow

your organization was created

3024

Delegator Add Email Notification

UpdatePersonDelegates

person was added as a delegate for you

3025

Delegatee Add Email Notification

UpdatePersonDelegates

you were added as a delegate for a person

3026

Delegator Remove Email Notification

RemoveBusinessProcessTaskDelegate

person was removed as a delegate for you

3027

Delegatee Remove Email Notification

RemoveBusinessProcessTaskDelegate

you were removed as a delegate for a person

3028

Delegatee Attestation Email Notification

DelegateTask

person delegated an attestation task to you

3036

Persona Switch Email Notification

LoginWF

person logged into EmpowerID using your identity

3037

Person Enrollment Email Notification

Enrollment

your enrollment was successful

3046

Invite User To Join Organization Using Magic URL

InviteUserToJoinOrganizationPasswordlessLogin

link to complete registration

3053

Invite User To Join Organization Passwordless Login Email

InviteUserToJoinOrganizationPasswordlessLogin

link to passwordless sign-in

This category contains emails that are sent to initiators and approvers of access and assignment requests.

ID

Email template name

Sent to

Regarding

ID

Email template name

Sent to

Regarding

1

To Approver Pending - One Resource

approver

pending approval task for access to one resource

2

To Initiator Approved - One Resource

initiator

access request for one resource is approved

3

To Initiator Rejected - One Resource

initiator

access request for one resource is rejected

4

Initiator Confirmation Screen - One Resource

initiator

submit a request for access to a resource

5

Approver Screen - One Resource

approver

approve a request for access to a resource

6

To Approver Pending - Two Resources

approver

pending approval task for access to two resources

7

To Initiator Approved - Two Resources

initiator

access request for two resources is approved

8